Call us at: +91-8527317000


EnCase Forensic

EnCase Forensic software enables the examiners to quickly uncover critical evidence and complete deep forensic investigations, and to create compelling reports on their findings. With advanced capabilities and the powerful EnScript® programming language, EnCase Forensic has long been the go to digital forensic solution worldwide. Is has an easy to use web-like user interface, automated configurable evidence processing, unified search across the entire case, customizable reporting templates, simple email review, integrated smart phone & tablet acquisition, and Optimized Case Management, including native encryption capabilities

EnCase Portable

EnCase Portable is composed of two components, Triage and Collect. Triage allows forensic experts and non-experts alike to quickly review information in the field, in real time, without altering or damaging the information stored on a computer. By executing pre-configured triage searches, users can quickly browse pictures, view internet history, see who has been using a computer, and much more. With Collect, anyone can become an extension of an organization’s computer forensic incident response team. Running collection searches, pre-configured by the experts, anyone can perform forensically sound collections in the field. Collect can be used to create a bit-by-bit copy of a computer’s hard drive or perform a targeted collection based on the criteria required for the specific situation. In addition, with Collect, Investigating Officers can collect an exact copy of a computer’s memory, which can contain valuable information pertinent to an investigation.

Belkasoft Evidence Center 2018

All-in-one forensic solution for acquiring, extracting, and analyzing digital evidence stored inside computers and mobile devices Trusted by the police around the Globe Used by thousands forensic experts and police departments from more than 70 countries worldwide

Evidence Center features

  1. Fully automated acquisition, extraction and analysis of 700+ types of evidence.
  2. Destroyed and hidden evidence recovery via data carving.
  3. Live RAM analysis.
  4. Cloud data downloading and analysis.
  5. Advanced low-level expertise.
  6. Concise and adjustable reports, accepted by courts.

Types of evidence supported by Evidence Center

  1. Office documents. 
  2. Email clients.
  3. Pictures and videos.
  4. Mobile application data.
  5. Web browser histories, cookies, cache, passwords, etc.
  6. Chats and instant messenger histories.
  7. Social networks and cloud services.
  8. System files, including jumplists, thumbnails and event logs.
  9. Encrypted files and volumes.
  10. Registry files.
  11. SQLite databases.
  12. Peer-to-peer software.
  13. Plist files.
  14. Geolocation data.
  15. Payment systems and crypto currencies.

Types of analysis performed by Evidence Center

  1. Existing files search and analysis. Low-level investigation using Hex Viewer.
  2. Data carving and destroyed evidence recovery.
  3. Live RAM analysis including process extraction and data visualization.
  4. Cloud data analysis.
  5. In-depth Volume Shadow Copy support.
  6. Hibernation file (hiberfil.sys) and page file (pagefile.sys) analysis.
  7. Native SQLite analysis with freelist and WAL support.
  8. Discovers deleted SQLite records, e.g. Skype conversations or WhatsApp messages.
  9. Picture analysis including EXIF and GPS analysis, face/test/pornography/forgery detection.
  10. Video key frame extraction.
  11. Analysis of social communications with Social Graph Builder module.
  12. Malware and suspicious processes detection.
  13. Encryption detection.
  14. Special files and folders analysis (e.g. Volume Shadow Copy, $OrphanFiles, $MFT etc.).
  15. Hashset analysis.
  16. Flexible analysis with BelkaScript, free scripting module.
  17. Advanced search and data filtering, more than 20 types of predefined search (card and telephone numbers, names, suspicions words, etc.).

Evidence Center works with the following data sources and file systems

  1. Storage devices - Hard drives and removable media.
  2. Disk images - EnCase (including Ex01), L01/Lx01, FTK, DD, Smart, X-Ways, Atola, DMG.
  3. Mobile devices - Mobile backups, UFED dumps, chip-off and JTAG dumps.
  4. Virtual machines - VMWare, Virtual PC, VirtualBox, XenServer.
  5. Volatile memory - Life RAM dumps; fragmented memory set analysis with BelkaCarving™.
  6. Memory files - Hibernation file and Page file.
  7. Unallocated space - Data carving discovers destroyed evidence.
  8. Network traffic - PCAP files.
  9. File systems – FAT, exFAT, NTFS, HFS, HFS+, ext2, ext3, ext4, YAFFS , YAFFS2.

Evidence Center helps investigate the following systems

  1. Windows (all versions, including Windows 10).
  2. Mac OS X.
  3. Unix-based systems (Linux, FreeBSD, etc.).
  4. iOS: iPhone, iPad.
  5. Android.
  6. Windows Phone 8/8.1.
  7. Blackberry.

Amped Software

Amped FIVE : Video Enhancement Amped FIVE is the most complete software for enhancing and analyzing images and videos during investigations. A single tool to analyze crime scene photos, enhance surveillance and intelligence video with a workflow compatible with forensic needs and constraints.

Amped Authenticate : Effective Photo Forensics Authenticate is a photo analysis software for forensic image authentication and tamper identification. Several tools are available to determine whether an image can be trusted and thus accepted as evidence and verify if a photo has been taken from a specific device.

AD Triage

AccessData Triage (AD Triage) is a portable computer forensics solution to acquire data. It is a forensically sound and easy to use triage tool for on the scene preview and acquisition of computers (either live or shut down). With the help of this tool, the forensics examiner as well as non forensics personnel alike can acquire volatile and all or targeted hard drive data from a system in just minutes. Law enforcement agencies can preserve evidence securely without having to wait hours for a forensics expert to arrive on the scene. You can preview the file system and target data by criteria, including keyword(s), hash, regular expression, file size, date and time, extensions, file path and illicit images. In addition, users can collect network and system information, as well as live memory. It allows you to acquire the full disk, a volume, or peripheral devices, saving data to a USB device or an external hard drive and exports the data to a designated location on the same network. You can pre-configure your AD Triage device to automatically acquire only the data you’ve selected, allowing inexperienced users to safely and effectively use the tool.

Steganography Detection & Analysis

Steganography Detection & Analysis Suite (Stego Suite) provides investigators with advanced steganograpy investigation capabilities. This suite includes four software tools Stego Hunter, StegoWatch, StegoAnalyst and StegoBreak, allowing investigators to detect, analyze and in certain circumstances recover hidden information.

Malware Identification & Analysis

Gargoyle Investigator - Forensic Pro Edition includes very advanced malware detection and identification. The tool can search for “bad programs” and can provide information like suspect’s intentions, activities and motives.


The Forensic Tool Kit (FTK) is an integrated computer forensics solution which allows you to create images, process a wide range of data types from forensic images to email archives, analyze the registry, conduct an investigation, decrypt files, crack passwords, and build a report. It recovers passwords from more than 100 applications. It has a KFF hash library with 45 million hashes and provides advanced automated analysis without the need for scripting.

A new expansion module includes malware analysis and visual analytics from within the integrated platform. It provides threat scores and dis-assembly analysis to determine both the behavior and intent of suspect binaries. You can view data in multiple display formats, including timelines, cluster graphs, pie charts etc. and quickly determine relationships in the data, find key pieces of information, and generate reports.

Each copy of FTK allows one examiner machine and three distributed workstations. It supports 32-bit and 64-bit Windows® OS, and provides comprehensive analysis of volatile data and static RAM analysis from an image or against a live system. Also, it does MAC analysis.

Products & Solutions

  • Establishment of Cyber lab/Computer forensics lab
  • Tailor made training program on computer forensics, mobile forensics and Data analysis
  • Onsite search and acquisition of digital evidence
  • Digital Crime Scene Response
  • Data mining Solution
  • Cyber Lab Integration
  • Computer forensics including analysis and reporting
  • Data recovery of digital media
  • Email Investigations